LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   newbie seeking advice on properly configuring server (https://www.linuxquestions.org/questions/linux-general-1/newbie-seeking-advice-on-properly-configuring-server-52280/)

marvc 03-28-2003 07:19 PM

newbie seeking advice on properly configuring server
 
I'm wondering if someone can give me some advice on properly configuring my new linux rh7.3 server? I'm trying to document all of the steps I take in getting this server thoroughly secured and properly configured and accessible via the web, but I'm kinda stuck in limbo on what needs to be next. Coming from MS it was kinda easy in that you'd:
Install OS
Download latest updates
Configure permissions accordingly
Install additional apps & configure as needed
blah blah blah

Now what do i do in RH? So far I've
Installed OS
Downloaded latest updates
.......

It seems like it could be the same, but I feel there is something missing.
I know that I want this server to be a web server. I also know that I want to install mysql, php, acid, snort, and anything else that can be recommended. Can someone advise on the steps they take to get their servers up and going?
Mind you I'm still learning my way around linux so any talk of compiling or building something from scratch may not be possible, yet. Anyone use or know of any packages that comes with everything included? I used phpHome on my w2k/apache server
I do welcome any responses.

pjcp64 03-28-2003 09:49 PM

RedHat will seem pretty different from MS but once you get your sea legs I think you'll like it quite a bit more.

1st) Since you'll be playing around with it quite a bit, you'll want to set up a recovery plan. I'd recommend creating a KickStart file so that you can reinstall without having to redefine all of the install options and software selection. You'll also want to use rsync to make backups to a /backup partition ( or preferably another computer ).

2nd) You want to use Iptables to setup a firewall. These scripts are readily available on the internet. You'll need to startup iptables in your services ( under System Settings ).

3rd) Get your networking going.

4th) startup httpd in your services. You'll then have to configure Apache ( httpd ) for your site.

Your request is pretty broad by at least this may give you a few keywords to search on.

If you'd like some help with these things I can sure help. You can email directly at id4spam@cox.net
I'll see them more quickly that way.

Thom

marvc 03-29-2003 02:33 PM

Thanks pj this is what I've accomplished thus far:
1. haven't gotten around to backing this server up yet as I'm still getting familiar with "the basics".

2. Haven't done anything to the firewall since chooseing the default option of "medium" during the initial installation.

3. Got my network going. This server's configured with a static IP on a w2k network. I've got name resolution and internet connectivity.

4. Haven't started up any httpd services yet as I'm trying to document every phase of that process when I get to it. Was mainly trying to concentrate on getting the "other parts" taken care of first. Whatever they are.

5. Have you or anyone here used Fast-Pitch for configuring your linux servers? Located at:
fast-pitch

I really don't wanna spend any more hours and days searching for documents that cover kep app installation and this script seems to remove some of the burden of configuring the server.

pjcp64 03-29-2003 03:45 PM

I have two scripts to do my backups:

The first backs up rh01 to the rh02's /backup/rh01 directory.
The second actually copies rh01 to rh02 while excluding the key files that you would want different for network reasons etc... This keeps my systems in sync.
The copies occur over a ssh connection ( optional ) and deletes any files on rh02 that don't exist on rh01 ( also optional ).
The first copy takes a while since all of the info has to be copied, afterwards though, it takes about 5 minutes. My hardware is similar between the two computers. I don't know if you have two systems to work with or not. If not, you can always make backups to a /backup partition.

rsync.backup.sh ---------------------------------------------------------
rsync -avz -e ssh --delete --exclude=/proc --exclude=/dev --exclude=/mnt --exclude=/lost+found --exclude=/backup /* rh02:/backup/rh01/

rsync.rh01.to.rh02.sh ----------------------------------------------------
rsync -avz -e ssh --delete --exclude=/boot --exclude=/dev --exclude=/mnt --exclude=/proc --exclude=/lost+found --exclude=/backup --exclude=/etc/sysconfig --exclude=/etc/resolv.conf --exclude=/root/.ssh --exclude=/root/.mc/Tree --exclude=/etc/hosts --exclude=/etc/rsync.backup.sh /* rh02:/

One reason I like to use kickstart is that I can rebuild everything with minimal effort since all of the options are already chosen for me. You can actually find a kickstart file in your /root directory. It's called anaconda-ks.cfg.
To build mine, I also ran the KickStart program. I then sort of combined the two. It wasn't too tough. The file has to be named ks.cfg.
Once I finished by ks.cfg file I simply copied it to a floppy. Next time I installed RedHat I simply typed at the first text based screen that pops up: linux ks=floppy
After that, all that's left is loading CDs when instructed.
The advantage with this is that my initial software selection and file systems sizes are consistent between the two systems.
In a really bad crash, I would reinstall using kickstart and then rsync back from by backup on rh02:/backup/rh01

2. I actually have my default option set to none since I am using iptables. One thing I like about iptables is that everything is contained in one file. Configuration on your system would be different than on mine though since I have an actual firewall box running and I don't want anything to come in.

3. Whoohoo! It took me awhile to get that working when I first started with linux a few years back. But then again, I didn't even know what a DNS was at the time.

4. Yeah, I'd hold off on it too. Setting up Apache initially isn't to bad though. I imagine the devil's in the details like security and your web content itself.

5. Never even heard of fast-pitch. It looks like it might be pretty good. Nothing fancy, just commands etc... written by folks who have a clue on whats going on.
I don't have time to play with it tonight cause I'll be dialed in to work getting some stuff done on our HP-UX servers. I might see how well it works tomorrow though.


All times are GMT -5. The time now is 05:37 AM.